Investigator finds Colorado voter system passwords were not intentionally posted online
DENVER (AP) — A “series of inadvertent and unforeseen events” resulted in Colorado voting system passwords being posted on the Secretary of State’s website, an outside investigator said.
A Denver attorney did not find any intentional wrongdoing by Secretary of State Jena Griswold or staff in her office, but said two policies were violated. Attorney Beth Doherty Quinn suggested in her report, dated Sunday, that the agency require a more thorough review of documents before they are posted on the secretary’s website and better protection of passwords.
The passwords — “only some of which were still active,” Doherty Quinn said — were on hidden tabs in a spreadsheet containing information about county voting systems that was posted on the secretary’s website on June 21. The information had previously been posted as a PDF that could not be manipulated, but an employee suggested posting the information as a spreadsheet file in the interest of transparency. The hidden sheets were discovered on Oct. 24.
The passwords were one of two needed to access components of the Colorado voting system, Griswold’s spokesperson Jack Todd has said. Griswold said it was not a security threat.
The tabs that included the passwords had been hidden in a file kept by a former employee. None of the employees involved in posting the document online knew that hiding tabs was a feature of the software, the investigation found.
The “substantial weight of the evidence” shows the hidden tabs with the passwords were posted “mistakenly, unknowingly and unintentionally,” because the employees involved were unaware the hidden worksheets existed, Doherty Quinn wrote in her report.
Doherty Quinn recommended the office require all passwords to be stored using software called a “password safe,” and to create a checklist of things that need to be reviewed before something is posted on the website, including seeing if there are hidden tabs and removing any metadata.